| Summary: | <app-text/evince-2.32.0-r1: DVI arbitrary code execution (CVE-2010-{2640,2641,2642,2643}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | gnome |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://seclists.org/fulldisclosure/2011/Jan/38 | | |
| Whiteboard: | A2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 353436 | | |
| Bug Blocks: | | | |
Description
Paweł Hajdan, Jr. (RETIRED)
2011-01-05 15:07:03 UTC
Upstream commit appears to be at the URL below, but I do not see a new release yet.
http://git.gnome.org/browse/evince/commit/?id=d4139205b010ed06310d14284e63114e88ec6de2

The patch also breaks dvi handling for me completely :-S
https://bugzilla.gnome.org/show_bug.cgi?id=639746

+*evince-2.32.0-r1 (18 Jan 2011)
+
+ 18 Jan 2011; Pacho Ramos <pacho@gentoo.org> -evince-2.26.2.ebuild,
+ -files/evince-2.27.4-smclient-configure.patch, -evince-2.28.2.ebuild,
+ +evince-2.32.0-r1.ebuild, +files/evince-2.32.0-dvi-CVEs.patch,
+ +files/evince-2.32.0-libdocument-segfault.patch,
+ +files/evince-2.32.0-pk-fonts.patch:
+ Revision bump including upstream patches for fixing security bugs in dvi
+ backend, libdocument segfaults and problem with pk fonts after applying
+ security patch. Remove old.

But stabilization will probably need to wait since it requires newer glib and 2.32 stuff

(In reply to comment #3)
> But stabilization will probably need to wait since it requires newer glib and
> 2.32 stuff

Thank you. I am guessing bug 339225 is the correct one to track. If not, please feel free to set me right. ;)

An A2-rated vulnerability should be handled within 5 days according to http://www.gentoo.org/security/en/vulnerability-policy.xml; that would mean Jan 10, two weeks ago. :-/ Should we issue a temporary GLSA? Should we mask the package, or backport the security fix, or take some other action?

It was stabilized long ago ;)

(In reply to comment #6)
> It was stabilized long ago ;)

Thanks, Pacho. GLSA request filed.

CVE-2010-2643 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2643): Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

CVE-2010-2642 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2642): Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

CVE-2010-2641 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2641): Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

CVE-2010-2640 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2640): Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

This issue was resolved and addressed in GLSA 201111-10 at http://security.gentoo.org/glsa/glsa-201111-10.xml by GLSA coordinator Alex Legler (a3li).
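The four CVEs above share two root causes: a size computed from an untrusted count that wraps around (the TFM integer overflow) and a table index taken from the file without checking it against the table's real size (the PK and VF array index errors). The following C example, added here and not part of this bug or of Evince's dvi-backend code, shows the checks a font-table reader needs before touching either value. The record layout (a 4-byte glyph count followed by 8-byte records), the `MAX_GLYPHS` cap and the sample buffers are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical glyph-table format (constructed for this example, not Evince's
 * PK/TFM/VF/AFM code): a 4-byte little-endian glyph count, then `count`
 * records of 8 bytes each (4-byte width, 4-byte height). Everything comes
 * from an untrusted file, so every size and index is validated before use. */
#define RECORD_SIZE 8u
#define MAX_GLYPHS  65536u   /* format-specific sanity cap; assumed value */

typedef struct {
    uint32_t width;
    uint32_t height;
} glyph_t;

enum parse_status {
    PARSE_OK        =  0,
    PARSE_TRUNCATED = -1,   /* declared table does not fit in the buffer */
    PARSE_BAD_COUNT = -2,   /* count is absurd or would overflow the size math */
    PARSE_BAD_INDEX = -3    /* requested glyph is outside the validated table */
};

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Look up glyph `index` in the table held in buf[0..len). */
int lookup_glyph(const uint8_t *buf, size_t len, uint32_t index, glyph_t *out) {
    if (len < 4)
        return PARSE_TRUNCATED;
    uint32_t count = rd32(buf);
    /* Guard the multiplication itself: on a 32-bit size_t, count * RECORD_SIZE
     * wraps for large counts, which is the TFM-style integer overflow. */
    if (count > MAX_GLYPHS || count > (SIZE_MAX - 4) / RECORD_SIZE)
        return PARSE_BAD_COUNT;
    size_t table_bytes = (size_t)count * RECORD_SIZE;
    /* Compare against the remaining bytes, never as `4 + table_bytes > len`,
     * so the check cannot overflow either. */
    if (table_bytes > len - 4)
        return PARSE_TRUNCATED;
    /* Index must be below the count we just validated, not just "small";
     * skipping this is the PK/VF-style array index error. */
    if (index >= count)
        return PARSE_BAD_INDEX;
    const uint8_t *rec = buf + 4 + (size_t)index * RECORD_SIZE;
    out->width  = rd32(rec);
    out->height = rd32(rec + 4);
    return PARSE_OK;
}

/* Constructed sample: count = 2, glyph 0 = (10, 20), glyph 1 = (30, 40). */
static const uint8_t SAMPLE_TABLE[] = {
    0x02, 0x00, 0x00, 0x00,
    0x0a, 0x00, 0x00, 0x00,  0x14, 0x00, 0x00, 0x00,
    0x1e, 0x00, 0x00, 0x00,  0x28, 0x00, 0x00, 0x00,
};
/* Constructed sample: claims 2 records but only one is present. */
static const uint8_t TRUNCATED_TABLE[] = {
    0x02, 0x00, 0x00, 0x00,
    0x0a, 0x00, 0x00, 0x00,  0x14, 0x00, 0x00, 0x00,
};
/* Constructed sample: a count that would wrap a naive count*8 on 32-bit. */
static const uint8_t HUGE_COUNT_TABLE[] = { 0xff, 0xff, 0xff, 0xff };

int main(void) {
    glyph_t g;
    int rc = lookup_glyph(SAMPLE_TABLE, sizeof SAMPLE_TABLE, 1, &g);
    printf("glyph 1: rc=%d width=%u height=%u\n", rc, g.width, g.height);
    printf("glyph 2 (out of range): rc=%d\n",
           lookup_glyph(SAMPLE_TABLE, sizeof SAMPLE_TABLE, 2, &g));
    printf("truncated table: rc=%d\n",
           lookup_glyph(TRUNCATED_TABLE, sizeof TRUNCATED_TABLE, 0, &g));
    printf("huge count: rc=%d\n",
           lookup_glyph(HUGE_COUNT_TABLE, sizeof HUGE_COUNT_TABLE, 0, &g));
    return 0;
}
```

The order of the checks matters: the count is validated before any arithmetic uses it, the table extent is validated before any record is read, and the index is compared against the validated count rather than against a hard-coded array size. Fuzzing the thumbnailer with mutated DVI/font inputs is the usual way to confirm a parser of this kind rejects malformed tables instead of crashing.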